
Jhon Woddy Ransomware

By GoldSparrow in Ransomware

The 'Jhon Woddy' Ransomware is a ransomware Trojan that is used to lock computer users out of their computers. This is a known tactic that has been around for several years. Computer users may be forced to pay a large ransom to recover access to the infected computer. Fortunately, in the case of the 'Jhon Woddy' Ransomware, it is possible to restore access to the infected computer without having to pay the large amounts of money that the people responsible for the 'Jhon Woddy' Ransomware demand. The 'Jhon Woddy' Ransomware was first observed in January 2017, and it was released only a few days after the DNRansomware, another ransomware Trojan that seems to be its direct clone.

A General Glance on the 'Jhon Woddy' Ransomware

PC security analysts advise computer users to take precautions against the 'Jhon Woddy' Ransomware and similar threats since it seems that numerous variants in the 'Jhon Woddy' Ransomware's family are being released within a very short period. The 'Jhon Woddy' Ransomware is a direct clone of the DNRansomware; both threats use virtually the same code. Fortunately, the DNRansomware was cracked by PC security analysts, which allowed computer users to restore access to their computers without having to pay the con artists for the privilege. Since the 'Jhon Woddy' Ransomware uses the same code, malware analysts have also been able to provide help to victims of the 'Jhon Woddy' Ransomware attack.

There are several ways in which the 'Jhon Woddy' Ransomware can spread. The most common is through corrupted spam emails that contain email attachments and a text body that uses social engineering to trick computer users into opening the attachment. For example, the 'Jhon Woddy' Ransomware may be spread in a fake email from PayPal or Amazon, which claims that an attached text file contains some update to the user's agreement. Opening the text file allows corrupted macros to run, which will download and install the 'Jhon Woddy' Ransomware on the victim's computer.

How the 'Jhon Woddy' Ransomware Infects a Computer

The 'Jhon Woddy' Ransomware seems to use a typical ransomware attack, infiltrating the victims' computers, encrypting their files, and then demanding the payment of a ransom. However, unlike stronger threats, the 'Jhon Woddy' Ransomware's decryption key is hard-coded into the 'Jhon Woddy' Ransomware, which means that malware researchers have been able to retrieve the decryption key by studying the 'Jhon Woddy' Ransomware's source code. To recover from a 'Jhon Woddy' Ransomware infection, victims of the attack should type the string M3VZ>5BwGGVH into the password field. Once the affected files have been restored, it will still be necessary to use a reliable security program to perform a full scan of the affected computer. This is because the 'Jhon Woddy' Ransomware infection could be accompanied by a different threat that was installed at the same time. It is also possible that the 'Jhon Woddy' Ransomware may reinfect the victim's computer if it is not removed completely, even if the victim entered the password into it.

Conclusions Relating to the 'Jhon Woddy' Ransomware

The following are important facts related to the 'Jhon Woddy' Ransomware infection:

  • The 'Jhon Woddy' Ransomware is closely related to the DNRansomware, and both were released in January 2017.
  • The 'Jhon Woddy' Ransomware identifies the encrypted files with the extension '.killedXXX,' which is added to the end of each encrypted file.
  • Computer users can skip the 'Jhon Woddy' Ransomware lock screen with the password M3VZ>5BwGGVH.
  • Although the password should supposedly decrypt the affected files, as with the DNRansomware, it seems that this does not always work with the 'Jhon Woddy' Ransomware. Because of this, it may be necessary to download a freely available decryption utility released by PC security researchers.
  • It is highly likely that new variants of the 'Jhon Woddy' Ransomware will surface soon.
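
Because the password does not always restore every file, it helps to know which files still carry the '.killedXXX' extension after a recovery attempt. The following Python script is an added example, not part of the original article or of any security vendor's tooling: it lists marked files and flags those that have no restored copy beside them. It assumes the extension is appended literally as written above; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

MARKER = ".killedXXX"  # extension as written on this page; assumed to be literal


def inventory(root):
    """Walk root and return one record per file carrying the marker extension."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        present = {f.lower() for f in files}
        for name in files:
            if not name.lower().endswith(MARKER.lower()):
                continue
            original = name[: -len(MARKER)]
            records.append({
                "path": os.path.join(dirpath, name),
                "original_name": original,
                "original_ext": os.path.splitext(original)[1].lower(),
                # True when a file with the pre-encryption name sits beside it,
                # i.e. a restored copy already exists.
                "restored_copy": original.lower() in present,
            })
    return sorted(records, key=lambda r: r["path"])


def summarize(records):
    """Count files that still lack a restored copy, per original extension."""
    return Counter(r["original_ext"] for r in records if not r["restored_copy"])


def build_sample_tree():
    """Constructed sample data: a temp directory with made-up file names."""
    root = tempfile.mkdtemp(prefix="triage_sample_")
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("docs/report.docx.killedXXX", "docs/budget.xlsx.killedXXX",
                "docs/budget.xlsx", "photo.jpg.killedXXX", "notes.txt"):
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(b"constructed sample\n")
    return root


if __name__ == "__main__":
    recs = inventory(build_sample_tree())
    for r in recs:
        print(r["path"], "restored" if r["restored_copy"] else "UNRECOVERED")
    print(dict(summarize(recs)))
```

Point inventory() at a user profile or file share instead of the sample tree to scope what still needs the decryption utility or a restore from backup.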

